ID

VAR-201801-0151


CVE

CVE-2017-16724


TITLE

Advantech WebAccess bwwfaa Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-18-044

DESCRIPTION

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the command line in the Notify2 utility. An attacker can leverage this functionality to execute code under the context of Administrator.

Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment.

Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Failed attacks will cause denial of service conditions. Versions prior to Advantech WebAccess 8.3 are vulnerable.

Trust: 10.71

sources: NVD: CVE-2017-16724 // ZDI: ZDI-18-058 // ZDI: ZDI-18-051 // ZDI: ZDI-18-023 // ZDI: ZDI-18-043 // ZDI: ZDI-18-041 // ZDI: ZDI-18-045 // ZDI: ZDI-18-044 // ZDI: ZDI-18-054 // ZDI: ZDI-18-042 // ZDI: ZDI-18-047 // ZDI: ZDI-18-025 // ZDI: ZDI-18-061 // ZDI: ZDI-18-053 // ZDI: ZDI-18-050 // CNVD: CNVD-2018-00671 // BID: 102424 // IVD: e2e0e08f-39ab-11e9-b1d1-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2e0e08f-39ab-11e9-b1d1-000c29342cb1 // CNVD: CNVD-2018-00671

AFFECTED PRODUCTS

vendor: advantech, model: webaccess, scope: -, version: -

Trust: 9.8

vendor: advantech, model: webaccess, scope: lt, version: 8.3

Trust: 1.6

vendor: advantech, model: webaccess, scope: eq, version: 8.1

Trust: 0.9

vendor: advantech, model: webaccess, scope: eq, version: 7.2

Trust: 0.9

vendor: advantech, model: webaccess, scope: eq, version: 8.0

Trust: 0.6

vendor: advantech, model: webaccess 8.2 20170330, scope: -, version: -

Trust: 0.3

vendor: advantech, model: webaccess, scope: eq, version: 8.2

Trust: 0.3

vendor: advantech, model: webaccess 8.1 20160519, scope: -, version: -

Trust: 0.3

vendor: advantech, model: webaccess 8.0 20150816, scope: -, version: -

Trust: 0.3

vendor: advantech, model: webaccess, scope: eq, version: 8

Trust: 0.3

vendor: advantech, model: webaccess, scope: ne, version: 8.3

Trust: 0.3

vendor: webaccess, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: e2e0e08f-39ab-11e9-b1d1-000c29342cb1 // ZDI: ZDI-18-044 // ZDI: ZDI-18-050 // ZDI: ZDI-18-053 // ZDI: ZDI-18-061 // ZDI: ZDI-18-025 // ZDI: ZDI-18-047 // ZDI: ZDI-18-042 // ZDI: ZDI-18-058 // ZDI: ZDI-18-054 // ZDI: ZDI-18-045 // ZDI: ZDI-18-041 // ZDI: ZDI-18-043 // ZDI: ZDI-18-023 // ZDI: ZDI-18-051 // CNVD: CNVD-2018-00671 // BID: 102424 // CNNVD: CNNVD-201801-242 // NVD: CVE-2017-16724

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2017-16724
value: HIGH

Trust: 9.1

nvd@nist.gov: CVE-2017-16724
value: CRITICAL

Trust: 1.0

ZDI: CVE-2017-16724
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2018-00671
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201801-242
value: CRITICAL

Trust: 0.6

IVD: e2e0e08f-39ab-11e9-b1d1-000c29342cb1
value: CRITICAL

Trust: 0.2

ZDI: CVE-2017-16724
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 9.1

nvd@nist.gov: CVE-2017-16724
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

ZDI: CVE-2017-16724
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2018-00671
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e0e08f-39ab-11e9-b1d1-000c29342cb1
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-16724
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: IVD: e2e0e08f-39ab-11e9-b1d1-000c29342cb1 // ZDI: ZDI-18-044 // ZDI: ZDI-18-050 // ZDI: ZDI-18-053 // ZDI: ZDI-18-061 // ZDI: ZDI-18-025 // ZDI: ZDI-18-047 // ZDI: ZDI-18-042 // ZDI: ZDI-18-058 // ZDI: ZDI-18-054 // ZDI: ZDI-18-045 // ZDI: ZDI-18-041 // ZDI: ZDI-18-043 // ZDI: ZDI-18-023 // ZDI: ZDI-18-051 // CNVD: CNVD-2018-00671 // CNNVD: CNNVD-201801-242 // NVD: CVE-2017-16724

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

sources: NVD: CVE-2017-16724

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-242

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2e0e08f-39ab-11e9-b1d1-000c29342cb1 // CNNVD: CNNVD-201801-242

PATCH

title: Advantech has issued an update to correct this vulnerability.
url: https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02

Trust: 9.8

title: Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2018-00671)
url: https://www.cnvd.org.cn/patchInfo/show/113123

Trust: 0.6

title: Advantech WebAccess Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77553

Trust: 0.6

sources: ZDI: ZDI-18-044 // ZDI: ZDI-18-050 // ZDI: ZDI-18-053 // ZDI: ZDI-18-061 // ZDI: ZDI-18-025 // ZDI: ZDI-18-047 // ZDI: ZDI-18-042 // ZDI: ZDI-18-058 // ZDI: ZDI-18-054 // ZDI: ZDI-18-045 // ZDI: ZDI-18-041 // ZDI: ZDI-18-043 // ZDI: ZDI-18-023 // ZDI: ZDI-18-051 // CNVD: CNVD-2018-00671 // CNNVD: CNNVD-201801-242

EXTERNAL IDS

db: NVD, id: CVE-2017-16724

Trust: 12.5

db: BID, id: 102424

Trust: 2.5

db: ICS CERT, id: ICSA-18-004-02

Trust: 1.9

db: CNVD, id: CNVD-2018-00671

Trust: 0.8

db: CNNVD, id: CNNVD-201801-242

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-5045

Trust: 0.7

db: ZDI, id: ZDI-18-044

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5052

Trust: 0.7

db: ZDI, id: ZDI-18-050

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5054

Trust: 0.7

db: ZDI, id: ZDI-18-053

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5064

Trust: 0.7

db: ZDI, id: ZDI-18-061

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-4993

Trust: 0.7

db: ZDI, id: ZDI-18-025

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5048

Trust: 0.7

db: ZDI, id: ZDI-18-047

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5043

Trust: 0.7

db: ZDI, id: ZDI-18-042

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5061

Trust: 0.7

db: ZDI, id: ZDI-18-058

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5055

Trust: 0.7

db: ZDI, id: ZDI-18-054

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5046

Trust: 0.7

db: ZDI, id: ZDI-18-045

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5042

Trust: 0.7

db: ZDI, id: ZDI-18-041

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5044

Trust: 0.7

db: ZDI, id: ZDI-18-043

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-4991

Trust: 0.7

db: ZDI, id: ZDI-18-023

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5051

Trust: 0.7

db: ZDI, id: ZDI-18-051

Trust: 0.7

db: IVD, id: E2E0E08F-39AB-11E9-B1D1-000C29342CB1

Trust: 0.2

sources: IVD: e2e0e08f-39ab-11e9-b1d1-000c29342cb1 // ZDI: ZDI-18-044 // ZDI: ZDI-18-050 // ZDI: ZDI-18-053 // ZDI: ZDI-18-061 // ZDI: ZDI-18-025 // ZDI: ZDI-18-047 // ZDI: ZDI-18-042 // ZDI: ZDI-18-058 // ZDI: ZDI-18-054 // ZDI: ZDI-18-045 // ZDI: ZDI-18-041 // ZDI: ZDI-18-043 // ZDI: ZDI-18-023 // ZDI: ZDI-18-051 // CNVD: CNVD-2018-00671 // BID: 102424 // CNNVD: CNNVD-201801-242 // NVD: CVE-2017-16724

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-004-02

Trust: 11.7

url:http://www.securityfocus.com/bid/102424

Trust: 2.2

url:http://webaccess.advantech.com

Trust: 0.3

sources: ZDI: ZDI-18-044 // ZDI: ZDI-18-050 // ZDI: ZDI-18-053 // ZDI: ZDI-18-061 // ZDI: ZDI-18-025 // ZDI: ZDI-18-047 // ZDI: ZDI-18-042 // ZDI: ZDI-18-058 // ZDI: ZDI-18-054 // ZDI: ZDI-18-045 // ZDI: ZDI-18-041 // ZDI: ZDI-18-043 // ZDI: ZDI-18-023 // ZDI: ZDI-18-051 // CNVD: CNVD-2018-00671 // BID: 102424 // CNNVD: CNNVD-201801-242 // NVD: CVE-2017-16724

CREDITS

Steven Seeley (mr_me) of Offensive Security

Trust: 9.8

sources: ZDI: ZDI-18-044 // ZDI: ZDI-18-050 // ZDI: ZDI-18-053 // ZDI: ZDI-18-061 // ZDI: ZDI-18-025 // ZDI: ZDI-18-047 // ZDI: ZDI-18-042 // ZDI: ZDI-18-058 // ZDI: ZDI-18-054 // ZDI: ZDI-18-045 // ZDI: ZDI-18-041 // ZDI: ZDI-18-043 // ZDI: ZDI-18-023 // ZDI: ZDI-18-051

SOURCES

db: IVD, id: e2e0e08f-39ab-11e9-b1d1-000c29342cb1
db: ZDI, id: ZDI-18-044
db: ZDI, id: ZDI-18-050
db: ZDI, id: ZDI-18-053
db: ZDI, id: ZDI-18-061
db: ZDI, id: ZDI-18-025
db: ZDI, id: ZDI-18-047
db: ZDI, id: ZDI-18-042
db: ZDI, id: ZDI-18-058
db: ZDI, id: ZDI-18-054
db: ZDI, id: ZDI-18-045
db: ZDI, id: ZDI-18-041
db: ZDI, id: ZDI-18-043
db: ZDI, id: ZDI-18-023
db: ZDI, id: ZDI-18-051
db: CNVD, id: CNVD-2018-00671
db: BID, id: 102424
db: CNNVD, id: CNNVD-201801-242
db: NVD, id: CVE-2017-16724

LAST UPDATE DATE

2024-11-23T22:22:15.891000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-18-044, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-050, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-053, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-061, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-025, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-047, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-042, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-058, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-054, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-045, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-041, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-043, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-023, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-051, date: 2018-01-05T00:00:00
db: CNVD, id: CNVD-2018-00671, date: 2018-01-10T00:00:00
db: BID, id: 102424, date: 2018-01-04T00:00:00
db: CNNVD, id: CNNVD-201801-242, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-16724, date: 2024-11-21T03:16:51.453

SOURCES RELEASE DATE

db: IVD, id: e2e0e08f-39ab-11e9-b1d1-000c29342cb1, date: 2018-01-10T00:00:00
db: ZDI, id: ZDI-18-044, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-050, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-053, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-061, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-025, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-047, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-042, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-058, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-054, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-045, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-041, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-043, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-023, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-051, date: 2018-01-05T00:00:00
db: CNVD, id: CNVD-2018-00671, date: 2018-01-10T00:00:00
db: BID, id: 102424, date: 2018-01-04T00:00:00
db: CNNVD, id: CNNVD-201801-242, date: 2018-01-08T00:00:00
db: NVD, id: CVE-2017-16724, date: 2018-01-05T08:29:00.347